The University of Western Australia (UWA) is investigating a cybersecurity breach that exposed thousands of staff and student passwords, forcing a weekend-long system lockdown.

The incident, detected late Saturday, involved unauthorised access to password information. As a precaution, UWA locked all accounts and required users to reset credentials before regaining access. “The University has detected unauthorised access to university password information,” the institution said in a statement, adding that the matter was its “highest priority.”

Fiona Bishop, UWA’s chief information officer, confirmed a critical incident management team was activated and “IT and many teams worked tirelessly overnight on Saturday and through the weekend to lock and reset all students’, staff and visitor passwords.” She said there is currently no evidence that data beyond passwords was accessed.

The breach, which has not been linked to ransomware, left nearly 30,000 students and almost 4,000 staff temporarily locked out of core systems and software. Bishop likened the investigation to “following footprints in the sand” and noted that classes would continue as planned. Students have been granted a three-day extension on assessments to offset disruption.

No communication has been received from the party responsible, and UWA continues to bolster its defences. “Universities are powerhouses of information and learning, and the sector as a whole is a cyber target, which is only increasing as they become more digital and modernised,” Bishop said.

This is the second major university breach in Australia this year, following a Western Sydney University incident in April that exposed up to 10,000 records. UWA is advising staff and students to remain alert for phishing attempts and is maintaining staffed support for password resets in the coming days.